Whereas the Parliament of India has set out to provide a practical regime of right to 
information for citizens to secure access to information under the control of public authorities, 
in order to promote transparency and accountability in the working of every public authority, 
and whereas the attached publication of the Bureau of Indian Standards is of particular interest 
to the public, particularly disadvantaged communities and those engaged in the pursuit of 
education and knowledge, the attached public safety standard is made available to promote the 
timely dissemination of this information in an accurate manner to the public. 
NATIONAL FOREWORD 

This Indian Standard (Part 3), which is identical with ISO 9564-3:2003 'Banking — Personal Identification 
Number (PIN) management and security — Part 3: Requirements for offline PIN handling in ATM and POS 
systems' issued by the International Organization for Standardization (ISO), was adopted by the Bureau of 
Indian Standards on the recommendation of the Banking and Financial Services Sectional Committee and 
approval of the Management and Systems Division Council. 

This standard is published in various parts. Other parts in this series are: 

Part 1 Basic principles and requirements for online PIN handling in ATM and POS systems 

Part 2 Approved algorithms for PIN encipherment 

Part 4 Guidelines for PIN handling in open networks 

The text of the ISO Standard has been approved as suitable for publication as an Indian Standard without 
deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is 
particularly drawn to the following: 

a) Wherever the words 'International Standard' appear referring to this standard, they should be read as 
'Indian Standard'. 

b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to 
use a point (.) as the decimal marker. 

In this adopted standard, references appear to certain International Standards for which Indian Standards 
also exist. The corresponding Indian Standards which are to be substituted in their respective places are 
listed below along with their degree of equivalence for the editions indicated: 



International Standard | Corresponding Indian Standard | Degree of Equivalence 

ISO 7816-1:1998 Identification cards — Integrated circuit(s) cards with contacts — Part 1: Physical characteristics | IS 14202 (Part 1):2003 Identification cards — Integrated circuit(s) cards with contacts: Part 1 Physical characteristics (first revision) | Identical 

ISO 7816-2:1999 Identification cards — Integrated circuit(s) cards with contacts — Part 2: Dimensions and location of the contacts | IS 14202 (Part 2):2003 Identification cards — Integrated circuit(s) cards with contacts: Part 2 Dimensions and location of the contacts (first revision) | Identical 

ISO/IEC 7816-3:1997 Identification cards — Integrated circuit(s) cards with contacts — Part 3: Electronic signals and transmission protocol | IS 14202 (Part 3):2002 Identification cards — Integrated circuit(s) cards with contacts: Part 3 Electronic signals and transmission protocols | Identical 

ISO/IEC 7816-5:1994 Identification cards — Integrated circuit(s) cards with contacts — Part 5: Registration system for applications in IC cards | IS 14202 (Part 5):2003 Identification cards — Integrated circuit(s) cards with contacts: Part 5 Registration system for applications in IC cards | Identical 

ISO/IEC 7816-6:1997 Identification cards — Integrated circuit(s) cards with contacts — Part 6: Interindustry data elements | IS 14202 (Part 6):2003 Identification cards — Integrated circuit(s) cards with contacts: Part 6 Interindustry data elements | Identical 

ISO 9564-1:2002 Banking — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems | IS 15042 (Part 1):2006 Banking — Personal Identification Number (PIN) management and security: Part 1 Basic principles and requirements for online PIN handling in ATM and POS systems (first revision) | Identical 

ISO 9564-2:2005 Banking — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment | IS 15042 (Part 2):2007 Banking — Personal Identification Number (PIN) management and security: Part 2 Approved algorithms for PIN encipherment (first revision) | Identical 

ISO 11568-2:2005 Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle | IS 15256 (Part 2):2011 Banking — Key management (retail): Part 2 Symmetric ciphers, their key management and life cycle | Identical 



The technical committee has reviewed the provisions of the following referred publication and has decided 
that it is acceptable for use in conjunction with this standard: 

Designation | Title 

EMV2000 | Integrated Circuit Card Specification for Payment Systems, Book 2 — Security and Key Management, Version 4.0, December 2000 
Introduction 

Financial transaction cards with embedded integrated circuits (IC) have made it technically feasible to perform 
PIN verification offline using the IC card. Issuers can now choose whether to have PIN verification performed 
online or offline. This part of ISO 9564 provides specific requirements for addressing offline PIN handling. 

Offline PIN verification does not require that a cardholder's PIN be sent to the issuer host for verification, and 
because of this many security requirements relating to PIN protection over networks are not applicable. 
However, many general PIN protection principles and techniques remain applicable even though a PIN may 
be verified offline. This part of ISO 9564 restricts itself to requirements relating specifically to the offline nature 
of PIN handling and, unless explicitly excluded, the basic principles of PIN management given in ISO 9564-1 
are applicable. 

ISO 10202 and, in particular, Part 6 of that International Standard, defines security requirements for 
cardholder verification using IC cards. It should be noted that ISO 10202 defines requirements for the IC card 
itself, rather than for the acquirer IC card acceptance systems, and so can be considered as complementary 
to ISO 9564. 
Indian Standard 

BANKING — PERSONAL IDENTIFICATION NUMBER 
(PIN) MANAGEMENT AND SECURITY 

PART 3 REQUIREMENTS FOR OFFLINE PIN HANDLING IN ATM AND POS SYSTEMS 



1 Scope 

This part of ISO 9564 specifies the minimum security measures required for offline Personal Identification 
Number (PIN) handling and a standard means of interchanging PIN data in an offline environment. 

It is applicable to financial transaction-card-originated transactions requiring offline PIN verification, and to 
those institutions responsible for implementing techniques for the management and protection of the PIN at 
Automated Teller Machines (ATMs) and acquirer-sponsored Point-of-Sale (POS) terminals. 

This part of ISO 9564 is not applicable to 

a) PIN management and security in the online PIN environment, which is covered in ISO 9564-1, 

b) approved algorithms for PIN encipherment, which are covered in ISO 9564-2, 

c) the use of PINs in an open network environment, which is to be covered in ISO 9564-4, 

d) the protection of the PIN against loss or intentional misuse by the customer or authorized employees of 
the issuer or their agents, 

e) privacy of non-PIN transaction data, 

f) protection of transaction messages against alteration or substitution, e.g. an online authorization response, 

g) protection against replay of the PIN or transaction, 

h) specific key management techniques, 

i) the decision as to whether the IC card is to receive the PIN enciphered, 

j) contactless IC cards. 

The basic principles of PIN management described in Clause 4 of ISO 9564-1:2002 are applicable and 
normative to this part of ISO 9564. 

Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer 
and are not included. 

This part of ISO 9564 is framed in terms applicable to IC card technology; however, this is not intended to 
restrict its applicability to IC card technology. 
2 Normative references 

The following referenced documents are indispensable for the application of this document. For dated 
references, only the edition cited applies. For undated references, the latest edition of the referenced 
document (including any amendments) applies. 

ISO 7816 (all parts) Identification cards — Integrated circuit(s) cards with contacts 

ISO 9564-1:2002, Banking — Personal Identification Number (PIN) management and security — Part 1: Basic 
principles and requirements for online PIN handling in ATM and POS systems 

ISO 9564-2 1), Banking — Personal Identification Number management and security — Part 2: Approved 
algorithms for PIN encipherment 

ISO 11568-2, Banking — Key Management (retail) — Part 2: Key management techniques for symmetric 
ciphers 

EMV2000, Integrated Circuit Card Specification for Payment Systems, Book 2 — Security and Key 
Management, Version 4.0, December, 2000 



3 Terms and definitions 

For the purposes of this document, the terms and definitions given in ISO 9564-1 and the following apply. 

3.1 

integrated circuit 

IC 

microprocessor (typically) embedded in an IC card as specified in ISO 7816. 

4 PIN protection during transmission between PED and IC reader 

The IC reader and PIN entry device (PED) can either be two separate devices or integrated into a single 
device. See Table 1. 

When the IC reader and PED are integrated within a device meeting the requirements of 6.3 of 
ISO 9564-1:2002 and the PIN is to be submitted to the IC in plain text form, then the PED need not encipher 
the PIN. 

When the PIN is to be submitted to the IC in plain text form and is transmitted to the IC reader through an 
unprotected environment, then the PIN shall be enciphered in accordance with ISO 9564-1. The IC reader 
shall then decipher the PIN for submission in plain text to the IC. 

For both integrated and non-integrated devices, when the PIN is to be submitted to the IC in enciphered form, 
then the PIN shall be enciphered within a device meeting the requirements of 6.3 of ISO 9564-1:2002 using 
an authenticated encipherment key of the IC. 

If the PIN is transmitted outside of a device meeting the requirements of 6.3 of ISO 9564-1:2002, then it shall 
be enciphered in accordance with ISO 9564-1 or using an authenticated encipherment key of the IC. 



1) To be published. (Revision of ISO 9564-2:1991) 
5 Physical security 



This clause gives requirements and recommendations for the physical security of PEDs and IC readers. 
Unless excluded below, the requirements for PEDs used for offline PIN verification are the same as those 
given in ISO 9564-1. 

The PED should be a "physically secure device" as defined in 6.3 of ISO 9564-1:2002. If not, then, at a 
minimum, it shall satisfy the PED requirements of 6.3 of ISO 9564-1:2002. 

In order that an attack on the PED can be detected by the acquirer, the PED should be able to authenticate 
itself to the acquirer such that, if attacked, it will no longer be able to authenticate itself to the acquirer. 

Furthermore, if the PED is used for processing online PIN transactions (and so complies with the 
requirements of ISO 9564-1), then the acquirer shall verify, periodically, its integrity. 

The device housing the IC reader shall satisfy the PED requirements of 6.3 of ISO 9564-1:2002. 

The slot of the IC reader into which the IC card is inserted 

a) should not have sufficient space to hold a PIN-disclosing "bug" when a card is in the IC reader, 

b) nor should it be feasibly enlarged to provide space for a PIN-disclosing "bug", 

c) nor should it be positioned such that wires leaving the slot to an external "bug" could be hidden from 
users of the device. 

The necessary electronic protection circuits should be provided to prevent the adding of tapping devices 
inside the IC reader. 

Table 1 summarizes the PIN protection requirements for various terminal configurations and PIN submission 
methods in accordance with this clause and Clause 4. 



Table 1 — PIN protection requirements 

PIN submission method: Enciphered PIN block submitted to IC 

  PED and IC reader integrated as device in accordance with 6.3 of ISO 9564-1:2002: 
    The PIN block shall be submitted to the IC enciphered using an authenticated encipherment key a) of the IC. 

  PED and IC reader not integrated as device in accordance with 6.3 of ISO 9564-1:2002: 
    The PIN block shall be enciphered between the PED and the IC reader in accordance with ISO 9564-1 or 
    enciphered using an authenticated encipherment key of the IC. 
    The PIN block shall be submitted to the IC enciphered using an authenticated encipherment key of the IC. 

PIN submission method: Plain text PIN block submitted to IC 

  PED and IC reader integrated as device in accordance with 6.3 of ISO 9564-1:2002: 
    No encipherment is required. 

  PED and IC reader not integrated as device in accordance with 6.3 of ISO 9564-1:2002: 
    The PIN block shall be enciphered from the PED to the IC reader in accordance with ISO 9564-1. 

a) See EMV2000. 
6 PIN Block Format 



6.1 General 

The PIN that is submitted by the IC reader to the IC shall be contained in a PIN block conforming to the 
Format 2 PIN block requirements of 6.2. This applies whether the PIN is submitted in plain text or enciphered 
using an encipherment key of the IC. 

PINs enciphered only for transmission between the PIN entry device and the IC reader shall use one of the 
PIN block formats specified in ISO 9564-1. Where Format 2 PIN blocks are used, a unique key per transaction 
method in accordance with ISO 11568 shall be used. 

6.2 Format 2 PIN block 

This PIN block is constructed by concatenation of two fields: the plain text PIN field and the filler field. 

The Format 2 PIN block shall be formatted as follows (64 bits read as sixteen 4-bit fields; the bit number 
given is the first bit of each field): 

Bit (of 64)   1    5    9    13   17   21   25   29   33   37   41   45   49   53   57   61 
Field         C    N    P    P    P    P    P/F  P/F  P/F  P/F  P/F  P/F  P/F  P/F  F    F 

where 

C is the control field, 4-bit field value 0010 (2); 

N is the PIN length, 4-bit binary number with permissible values 0100 (4) to 1100 (12); 

P is the PIN digit, 4-bit field with permissible values 0000 (zero) to 1001 (9); 

P/F is the PIN/Fill digit, with P or F determined by PIN length; 

F is the fill digit, 4-bit field value 1111 (15). 
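As an added illustration that is not part of the standard's text, the following Python builds the Format 2 PIN block of 6.2 from a PIN and parses one back, rejecting blocks whose control field, length field, PIN digits or fill field fall outside the permitted values; the sample PINs are constructed.

```python
# Added example, not part of the standard: builds and checks the 64-bit
# Format 2 PIN block of 6.2 (control 0010, length nibble, PIN digits, 1111 fill).
# This is the plain text block that is submitted to the IC, or enciphered under
# an authenticated encipherment key of the IC before submission.

DIGITS = set("0123456789")


def encode_format2(pin: str) -> bytes:
    """Return the 8-byte Format 2 PIN block for a 4..12 digit decimal PIN."""
    if not 4 <= len(pin) <= 12 or not set(pin) <= DIGITS:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    # C = 0010 (2), N = PIN length as one hex nibble, then the PIN digits
    nibbles = "2" + format(len(pin), "x") + pin
    # every remaining field is the fill value 1111 (15)
    nibbles += "f" * (16 - len(nibbles))
    return bytes.fromhex(nibbles)


def decode_format2(block: bytes) -> str:
    """Recover the PIN from a Format 2 block; raise ValueError if malformed."""
    if len(block) != 8:
        raise ValueError("PIN block must be exactly 64 bits")
    nibbles = block.hex()            # 16 lowercase hex characters, one per field
    if nibbles[0] != "2":
        raise ValueError("control field is not 0010 (Format 2)")
    n = int(nibbles[1], 16)
    if not 4 <= n <= 12:
        raise ValueError("PIN length field outside 0100 (4) .. 1100 (12)")
    pin = nibbles[2:2 + n]
    if not set(pin) <= DIGITS:
        raise ValueError("PIN digit outside 0000 (0) .. 1001 (9)")
    # all fields after the PIN digits must carry the fill value 1111 (15)
    if nibbles[2 + n:] != "f" * (14 - n):
        raise ValueError("fill field is not all 1111")
    return pin


def is_valid_format2(block: bytes) -> bool:
    """True when the block parses as a well-formed Format 2 PIN block."""
    try:
        decode_format2(block)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    block = encode_format2("1234")        # constructed sample PIN
    print(block.hex(), decode_format2(block))
```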